Articles / A New Business Plan for Fre…

A New Business Plan for Free Software

The PC with a fast Internet connection and a static IP is becoming a common sight in homes, but techno-ignorant customers don't understand the risks involved in owning one. I believe that by combining this with the fact that most people don't want to be responsible for maintaining their systems, a whole new workplace could be created for people with UNIX knowledge. Today, I'll explain why I think we should unblur the distinction between users and admins, and suggest a new way to make money with Free Software.

Users vs. Admins

Before the PC, there were two clear roles that people played in relation to the computers in their workplace: some were users and some were admins. When the PC industry sold the world on "a computer on every desktop", they played up the idea that you would no longer be reliant on your admin. If you needed some software, you could just install it yourself without waiting for anyone else to get to it. You could control your own destiny.

What they neglected to say was that you can't have the freedom and power of the admin's job without its responsibility. It soon became apparent that the real power you now had was the ability to change your system settings, render your machine inoperable, and suffer the glare of your admin when he stopped by your cubicle after you'd called him for help. Now you could experience his BOFH sarcasm in person instead of through email. Whether this could be counted as progress is debatable.

In spite of this, the PC caught on and invaded the home as well as the workplace. (This was a boon to the admins, since they could charge more for driving to your home to berate you.) The home users' needs were modest and there was no network involved, so the security concerns were not so great. With time, home users came to think that part-time computer hobbyists with just enough knowledge to get by could do everything necessary to maintain a system. The distinction between users and admins became blurred in their minds and was replaced with a different terminology: "users" and "power users", the difference being that users could change their desktop wallpaper and power users could install a scanner. There was a short window of time when this was even a tolerable situation, between the time PCs came into wide use and the time they started being connected to the Internet.

Now that that time is over, the need for the professional admin is just as strong as ever (though most home users haven't yet realized it), and so is the need for a securable system. As has been pointed out in innumerable other places, GNU/Linux is the option that has some hope of being secure on the net because its openness allows for peer review and fast patching which find security holes quickly and close them even more quickly.[1]

Non-geeks will say, "I can't use Linux because I don't know anything about it", but what they really mean is not that they can't use it but that they can't admin it. The blurring of the roles has made it hard for them to realize that Linux is actually quite easy to use, though it requires considerable knowledge and continuing education to properly admin.

How many of these people actually know how to maintain the systems they're using now? The vast majority instead buy a service contract with Gateway or rely on their brother-in-law or the kid next door to help them when they get into a jam. It's as bogus an argument as the "Linux is hard to install" complaint that comes from people who bought Windows preinstalled. They're able to claim that Linux machines require administration and Windows machines don't only because they get other people to do their administration for them, then conveniently forget about it.

Given my beliefs that:

  1. Machines need to be administrated, but most home users do not want to do their own administration.
  2. Machines that are connected to the net should be properly secured, and most home users don't have the ability or interest to keep up-to-date on security issues.
  3. Professional administration for home users is simply not going to happen with systems that cannot be remotely administered; the cost would be outrageous if the admin had to make a house call every time there was a problem.

, I propose that non-geek home users who wish to use the Internet should be using a securable system such as Linux, and I'd like to offer this business plan to any and all who want it:

Give away the software; sell the administration.

Here's what I long ago thought was an obvious question and a need I expected to be filled by now: Everyone is selling support; why isn't anyone selling administration?

Support to the generally clueful is already a solid industry; the "no support" argument has been massacred to hell and back, and no one can raise it with a straight face anymore in a world with companies like Linuxcare. But there's a need beyond support which has to be met as well. There are many people who don't want support -- they want someone to do everything for them.

Though this is almost unimaginable to someone like me who enjoys playing with computers, I can understand it if I think of my relationship with things with which I don't enjoy tinkering, such as cars. I want my car to run, but I don't have time to learn about carburetors. Most people want to use their computers but don't have time to learn to write shell scripts. Even more importantly, as was brought out in the comments to Jon Lasser's editorial on security, they don't have the time or inclination to read bugtraq and apply patches.

Given this unmet need, I offer the following business model:

  1. Sell customers a machine with Linux preinstalled and completely configured (accounts for all the users, etc.). Only turn on services other than sshd if they are needed.
  2. Arrange Internet access for them. Something with a static IP is vastly preferred, but if it must be a dynamic dialup account, there are PPP dialers like kppp and X-ISP which will display their current IP address so they can give it to you when you need it.
  3. Send their sysadmin to introduce him/herself, install the machine in their home, connect it to the Internet, test it, and spend an afternoon teaching them the basics of how to use it. Leave them a customized manual with important information like how to properly shut down the machine.
  4. Charge them for an administration service contract. In exchange for a periodic fee, they get their own personal sysadmin who will:
    1. Monitor daily log summaries and watch for security or performance issues (often finding and fixing a problem before the customer even knows its there).
    2. Stay on top of security forums like bugtraq and ssh to their machine to apply patches or upgrades when necessary, and inform them of the change and why it was necessary. (No more work from the admin's perspective than fixing her assigned machines and sending a form letter.)
    3. Connect to their machine upon request and attempt to fix any problems they have.
    4. Connect and install any new software they decide they need, configure it, and give them instructions on how to use it.
    5. Upgrade installed software on a regular basis. (For the admin, this can be as simple as "apt-get dist-upgrade".)

I can actually confirm that this works because I did it in a test case with a local hardware vendor and a couple who had never touched a computer before. I gave them the machine and basic instructions and told them how to contact me. If there was a problem, they emailed or called me about it, and I logged on and fixed it. If they thought of something new they wanted to do, I installed the software for it overnight, and when they woke up in the morning, they found instructions on how to use it on their Netscape start page, complete with screenshots and arrows pointing to what they needed to do.

There is at least one immediately obvious problem with this from the customer's perspective: "I don't want anyone looking around my hard drive."

It's certainly a reasonable fear, but let's look at the alternative:

In my hometown of Baltimore, MD, USA, cable modems and DSL are becoming commonplace. Non-geeks who take advantage of these services let the installation man connect their Windows machines, then surf and play oblivious to the facts that:

  1. They have a static IP address and a 24/7 connection to the Internet.
  2. They are now the sysadmins of a small, but very significant to them, part of the net.

To get an idea of how good a job they're doing as admins, fire up samba and take a look around the @home network. The number of Windows machines that have file and printer sharing turned on is staggering, and their owners have no idea that their credit card numbers, private letters, and pornography collections are open and available for anyone to browse.

So the options are these:

  1. Certainty that one person you know and who is being paid to be a professional has access to your hard drive and is responsible for keeping everyone else out.
  2. Near certainty that any number of people you don't know and who owe you nothing have access or can get it by sending you an email with a trojanized binary.

If you really have such secret information that you can't stand the chance that someone might see it, keep it on a floppy or a zip disk, and unplug the ethernet cable before you stick the disk in. Of course, there's the slight chance that your admin will have so little to do and be so little concerned about the possibility of losing his job and going to jail that he'll write a script to copy anything inserted on removable media into a special location for himself. But if you've thought of that, you're sufficiently paranoid that you're admining your own box anyway.

You have to make a sacrifice somewhere. Either you sacrifice your time to learn to admin your box yourself and keep on top of the latest security issues, or you trust someone else to do it for you. The couple in the test case knew and trusted me and their trust was not misplaced. In a more formal arrangement, a business offering admin services to the home would probably have something in the contract promising that any admins found to be betraying their customers' trust would be fired and handed over to criminal prosecution, and procedures would be in place to monitor the admins. There would be a list of circumstances under which it would be permissible for the admin to connect to the machine without being requested to do so by the customer (security risks being chief among them), and no connection would ever be made without immediately informing the customer that it had been done and explaining why.

A clause might also be added to make it clear that the warranty on the system is voided if a day's log summary shows that the customer logged in as root and played God. :)

Footnotes:

[1]
Before the flames begin: Yes, you may replace GNU/Linux with your favorite BSD here, but:
  1. I only know Linux, so it's all I can recommend from personal experience.
  2. The anecdotal evidence of my friends is that *BSD makes a better server and Linux a better client machine.

Jeff Covey received his degree in classical guitar performance but spent so much time with his computer that he fell in with a bad crowd and ended up working for Andover.net. He currently works on freshmeat and runs a computer lab for the kids in his neighborhood in his spare time.
http://pobox.com/~jeff.covey
jeff.covey@freshmeat.net


T-Shirts and Fame!

We're eager to find people interested in writing editorials on software-related topics. We're flexible on length, style, and topic, so long as you know what you're talking about and back up your opinions with facts. Anyone who writes an editorial gets a freshmeat t-shirt from ThinkGeek in addition to 15 minutes of fame. If you think you'd like to try your hand at it, let jeff.covey@freshmeat.net know what you'd like to write about.

Recent comments

04 Feb 2000 19:40 Avatar alfranco302

Remote Admin, Static Internet connection and users like me
A little background first: I am just becoming interested in Linux at a level to actually do something about it. (I like M$ as much as I like AT&T or Bank of America--all money hungry corporations.) I don't know alot about computers, but I'm intelligent and interested, so I'll get there. I got my first computer in 1986--a Commodore 64--but neglected my own interest from 1991 to 1996. My involvement with computers since that time has been as an end-user. Although I am familiar with M$ installations, etc., I am by no means educated about computers on the level that all of you seem to be. I will soon be installing a network on some 486s I bought cheap from a company. I was going to just use Windows, which is already on the computers, but after reading some of the comments here, I'll also look into Linux as an option. As another project, I'm also going to buy a new computer, and install Linux (dual-boot, most likely), this spring. I'm doing both projects for my own edification. Since I'm learning, I've been on the Internet looking up all I can find about Linux, when I ran across this editorial. So I think I can add to this conversation from another perspective.

Comment: It seems to me that most of the ideas in the editorial and the comments could be rolled into one. Maybe it is time for some of you who have the know-how, and the love for Linux, to get together and start a Linux ISP that is also a computer reseller, and a remote admin service provider. All at once.

A lot of people that I know, even those who barely know how to turn on a computer, would rather not support a company like M$. But the alternative, for the general public, is to learn all about computers and join your ranks.

If these people had the option to go to a computer reseller that focused solely on Linux, they would do so--IF their needs were met. That reseller would have to supply the computer with Linux pre-installed and ready to go. With a word processor, web browser, spreadsheet, e-mail package, games, etc..

This company could publicize some selling points, some of which M$ doesn't currently offer:

* a much more stable system (we have one running at work, and it hasn't crashed yet. Our Windows based computers crash daily.)
* Remote Administration COVERED UNDER THE COST OF THE COMPUTER
* Internet access ALSO FINANCED WITH THE COMPUTER

In short, I don't think most people I know would pay $75/mo just for admin. They'll just keep really private stuff on other media, or not worry about it. Most people would choose the latter. But, if when they bought a computer, they had a choice to finance the price of the computer, Internet access and remote admin, I think they (including me) would pay a price that would be acceptable to all.

I don't know what that price point would be, but I think this is the answer. Bundle the following:

* the computer itself
* a firewall?
* Internet access
* Remote Admin
* Am I missing something else?

All in one monthly price. Because it would be done through a "computer reseller", the price would also be less for the customer. (Costs are generally spread across the company, and the workers are all paid salaries.)

The only problem is: what to call this new entity? It's not a computer reseller. Maybe "Computer Services Center"?

AF

26 Jan 2000 03:03 Avatar koolmoose

A cheap gateway/firewall could provide security for you and client
Disclaimer: I am new to Linux but not to computers and computer science. Although I have an engineering degree and 40 years experience with computers of all shapes and sizes, at times it seems like no more than a year's experiance--40 times! So much too learn, so little time! So I have a few more opinions (prejudices) I carry as an extra burden than most.

I have followed interesting discussions on setting up cheap or free (386,486) Linux boxes on a private (192.168.x or other) net. Experimenting on my own time, I had much more trouble configuring older hardware than I anticipated.

Armed with this experience and, having a few years experience working for an ISP as a unix admin supporting thousands of customers running Macs and Windows I want to provide this service. But...There are all areas where my judgement tells me, be careful, you have a reputation to make, or lose...

A few things hold me back.

1. Training burden. Having become complacent with years of 'easy to use and consistent user interface' Mac and PC software I consistently find things more complex to set up and explain to a person new to Linux than I expect. These years of easy configuration have contributed to what I call a 'command line disability'. It is really an attitude that things maybe should be simpler than they are. You can't run a flexible, configurable and simple system unless you learn at least one way to do it from top to bottom without having to ponder each move. Desktop systems have made a market by making it possible to do most things without memorizing them and at least being able to search through similar menu items when you forget. Linux Desktops do this too, but not as consistently. It has been said that if you know how to use a Mac, you know how to use 80% of any Mac program. If you know how to use info you can find out about any Linux program too but I get distracted because of so many options. So I expect others with less experience and less commitment may have trouble finding a solution to a given problem. They might be intimidated and give up because it is too complex. I need a way to protect and educate these people while they are getting used to Linux or I will not be worth the money to them.

2. Expertise. To me it is essential to be comfortable with the command line if I expect to provide useful customer service. To me it is unreasonable to expect a customer to be comfortable with it. Configuring a Linux system for me at my present level of expertise is time consuming, humbling, worthwhile yet dollarwise cheap learning experience. However, the customer will not want to pay me for the learning experience nor suffer the lost time in exploring all options. One of the most appealing features of Linux to me is the idea that giving away Linux information is the best way to learn it. Once I learn it, it seems that I should be able to sell it in good conscience because the information will be reliable and applicable to my customer's needs. I think the market still demands a lot of information to set up and maintain secure, reliable internet service. The fact that the information is freely available and that the hardware is cheap doesn't mean it is easy. It just makes it feasible...for some of you.

3. Choice. You all know that in comparison to desktop machines which generally have few ways or one to do it, in *nix there is more than one way to do it. And since there are so many rainbows to chase, unless I severely limit my options, I end being different without being usefully different. I am learning to be careful with the options I select. I expect that the potential customers I will have will have a lesser tolerance than I for complexity. To provide a valuable service, it will be necessary to know the options I provide backwards and forwards.

On the positive side, several things propel me forward.

1. Really Cheap hardware. The cost of obtaining a Linux box capable of supporting a small nework should be a small percentage of the cost to the customer. I recently got an excellent Dell Pentium 100 off ebay for less than the cost of shipping it! I expect that it will be reasonable to be able to give credit for 'qualified trade-ins' that customers currently own that can provide reliable service with little more than a network card and modem upgrade. I just have to make sure I know how to make the hardware work with Linux and that it is solid. This should be great customer flexibility and value.

2. Marketing and Control. I can locate my hardware at the customer site and provide the connection service for a monthly fee. I recently worked for an ISP that provided a dialup router that cost $800 free if they signed for 3 months of $350/month ISDN24x7 dual channel service. This took a lot of the risk out for the customer because the ISP provided the ISDN connection at the customer site. The customer was not able to make any changes to the router, not even a password. The customer connection was continuously monitored 24x7 to make sure it passed traffic. This protected the ISP from unnecessary maintenance problems. And there were none. In comparison to dialup customers, these customers were almost maintenance free. For this business class of microbusiness customers there were different expectations from ordinary dialup. They ran their own small networks and did not want a lot of options.

3. Secure Remote Administration. Telnet (ssh) provides a secure, practical, flexible way to maintain a network via the internet or, for more security conscious folks, dial-in. Since I have control over the gateway/firewall at the customer site, I can provide good security at minimal cost.

4. Internet backups. The cost of internet storage should make it very practical to back up the most critcal files for small networks.

5. Very inexpensive support. The very nature of open source is such that the risk of not being able to solve a problem is vanishingly small if you stay with what you know. But I do not always have to be the person who solves the problem. Many online services provide me with support on subjects where I might have screwed up something I missed. All I really need to do is to be able to clearly state the problem. Then it is simply a matter of time before someone is able to point me to a solution at very little expense. This will end up saving my customer when I fall short. (Will those who have never fallen short please step this way? We have a cross for you to bear!) My experiences getting support with commercial providers has been expensive and generally not as capable. This is excellent assurance for my customer that I will not fail him. I am literally supported by a cast of thousands!

6. Minimal travel expense. I figure it costs me about $1/per mile distance I have to travel to a customer site. If I can set it up so that maintenance conversations are either through a local call or via the internet, I am saving the customer and myself money, time and inconvenience.

7. More timely and effective support during business hours. My experience supporting customers for an ISP tells me that remote support is superior in many ways to onsite support as long as both the customer and the support person can see what is happening. The ability to work cooperatively with a business customer is a tremendous business asset for both me and the customer. It is ideal for training.

8. Opportunity for value-adds to their network. Adding network resources can result in savings that you can share with the customer. More capability for the same money.

9. Internet in a box. A few years ago, CDs were marketed as Internet in a Box. They allowed you to set up a PPP connection with varying degrees of success. Now you really can get all you need to set up an internet in a CD. It is more a matter of deciding which part of the internet you want to be.

10. Multiplatform capability. Samba and netatalk provide cross platform capability for Windows and Mac

So I agree wholeheartedly that there is a business opportunity for Linux Admins. I will be ready someday soon!

24 Jan 2000 15:27 Avatar mabman1

Possible, but time intensive
This concept is being done. I think I read in one of the national newspapers in Canada (National Post or Globe and Mail) that a couple of young guys are doing something like this already. Basically, they're leasing computers pre-installed with Windows and MS Office apps, complete with support and Internet acess for approx. $150/mo. Seems to be fairly popular to date. Although, this is for businesses, not for home users. The one interesting thing about their setup is that all of the pre-installed programs are on a partition that's read-only, and all user data is stored on a different read/write partition, thus greatly decreasing the possiblility of users screwing the systems up. And, of course, profit margins could be higher when using Linux, as you can just buy blank boxes and install whatever you want without license fees.

Not a bad concept for businesses. Might work for home users. The one problem I see is that system administration can be time intensive. Some users, especially home users, may not be willing to pay what you're worth, especially in a per hour situation. Remote admin protocols (telnet, ssh, vnc, x) would be ideal, but as the author mentioned, using them without a static IP is a pain. And, the more boxes you have to admin, the more people you're going to have to hire. I just can't see getting around that.

24 Jan 2000 01:01 Avatar downwa

Regarding privacy concerns...
Setup cfs to provide a secure portion of the customer's filesystem, to which only they have the password. Make them aware of how to save files in that area, and configure the system so they run a small program to authenticate when they want to save files there.


Much like the zip/floppy suggestion, this can also be subverted by the admin running a daemon to copy files from the secure area while it's active, but it does allow them to have local secure storage.


Make sure to let them know that if they forget their password, their files are toast ;-)

23 Jan 2000 18:31 Avatar dray6

A new Business: Free Software
I see that Giving the software and OS for free and dispensing tech support and consulting for a fee as being a very good way for a company to prosper in the tech industry.
But, I have a suspicion that this will not be in the interest of the customer in the long-run. Companies who develop the software will deliberately keep their product complicated just enough so that the inexperienced, which is most people, will need them to provide their support. What we will get is an OS that is less popular with the masses than the Microsoft's OSs. And that would be a shame.

Screenshot

Project Spotlight

Kigo Video Converter Ultimate for Mac

A tool for converting and editing videos.

Screenshot

Project Spotlight

Kid3

An efficient tagger for MP3, Ogg/Vorbis, and FLAC files.